Updating various doc items with 0.6 features, releasing soon, and removing references to things new in 0.4, which

has been out long enough to no longer be new.
pull/1256/head
Michael DeHaan 13 years ago
parent dac0db9ca2
commit 1aa3c1522c

@ -289,7 +289,7 @@ languages:
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -465,7 +465,7 @@ e.g.
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -311,7 +311,7 @@ This way you have an audit trail describing when and why you changed the rules a
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -396,7 +396,7 @@ a simplified syntax for this.</p>
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -403,7 +403,7 @@ tasks &#8211; whether for a QA sytem, build system, or anything you can think of
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -204,7 +204,7 @@ s.parentNode.insertBefore(ga, s);
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -391,7 +391,7 @@ explore, but you already have a fully working infrastructure!</p>
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -410,7 +410,7 @@ Puppet Labs, and is now with <a class="reference external" href="http://rpath.co
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -340,8 +340,7 @@ a lot shorter than this:</p>
<h2>Module Provided &#8216;Facts&#8217;<a class="headerlink" href="#module-provided-facts" title="Permalink to this headline"></a></h2>
<p>The &#8216;setup&#8217; module that ships with Ansible provides many variables about a system that can be used in playbooks
and templates. However, it&#8217;s possible to also add your own facts without modifying the system module. To do
this, just have the module return a <cite>ansible_facts</cite> key, like so, along with other return data. This requires
Ansible 0.4 and later:</p>
this, just have the module return a <cite>ansible_facts</cite> key, like so, along with other return data:</p>
<div class="highlight-python"><pre>{
"changed" : True,
"rc" : 5,
@ -469,7 +468,7 @@ Stop by the mailing list to inquire about requirements.</p>
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -818,8 +818,7 @@ host before using this module.</p>
</div>
<div class="section" id="raw">
<span id="id13"></span><h2>raw<a class="headerlink" href="#raw" title="Permalink to this headline"></a></h2>
<p>Executes a low-down and dirty SSH command, not going through the module subsystem.
This module is new in Ansible 0.4.</p>
<p>Executes a low-down and dirty SSH command, not going through the module subsystem.</p>
<p>This is useful and should only be done in two cases. The first case is installing
python-simplejson on older (python 2.4 and before) hosts that need it as a dependency
to run modules, since nearly all core modules require it. Another is speaking to any
@ -1275,7 +1274,7 @@ yum name=httpd state=installed</pre>
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -271,7 +271,7 @@ proxy=proxy.atlanta.example.com</pre>
</div>
<div class="section" id="groups-of-groups-and-group-variables">
<h2>Groups of Groups, and Group Variables<a class="headerlink" href="#groups-of-groups-and-group-variables" title="Permalink to this headline"></a></h2>
<p>Using Ansible 0.4, it is possible to make groups of groups and assign
<p>It is also possible to make groups of groups and assign
variables to groups. These variables can be used by /usr/bin/ansible-playbook, but not
/usr/bin/ansible:</p>
<div class="highlight-python"><pre>[atlanta]
@ -380,7 +380,7 @@ a <a class="reference external" href="https://github.com/ansible/ansible/blob/de
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -149,7 +149,7 @@ s.parentNode.insertBefore(ga, s);
class="dropdown-toggle">Page</a>
<span class="localtoc"><ul>
<li><a class="reference internal" href="#">Playbooks</a><ul>
<li><a class="reference internal" href="#playbook-example">Playbook Example</a></li>
<li><a class="reference internal" href="#playbook-language-example">Playbook Language Example</a></li>
<li><a class="reference internal" href="#basics">Basics</a><ul>
<li><a class="reference internal" href="#hosts-and-users">Hosts and Users</a></li>
<li><a class="reference internal" href="#vars-section">Vars section</a></li>
@ -157,7 +157,7 @@ s.parentNode.insertBefore(ga, s);
</ul>
</li>
<li><a class="reference internal" href="#running-operations-on-change">Running Operations On Change</a></li>
<li><a class="reference internal" href="#include-files-and-reuse">Include Files And Reuse</a></li>
<li><a class="reference internal" href="#include-files-and-encouraging-reuse">Include Files And Encouraging Reuse</a></li>
<li><a class="reference internal" href="#executing-a-playbook">Executing A Playbook</a></li>
<li><a class="reference internal" href="#tips-and-tricks">Tips and Tricks</a></li>
</ul>
@ -189,11 +189,10 @@ s.parentNode.insertBefore(ga, s);
<div class="section" id="playbooks">
<h1>Playbooks<a class="headerlink" href="#playbooks" title="Permalink to this headline"></a></h1>
<p>Playbooks are a completely different way to use ansible and are
particularly awesome. They are the basis for a really simple
<p>Playbooks are a completely different way to use ansible than in task execution mode, and are
particularly awesome. Simply put, playbooks are the basis for a really simple
configuration management and multi-machine deployment system,
unlike any that already exist, and
one that is very well suited to deploying complex applications.</p>
unlike any that already exist, and one that is very well suited to deploying complex applications.</p>
<p>Playbooks can declare configurations, but they can also orchestrate steps of
any manual ordered process, even as different steps must bounce back and forth
between sets of machines in particular orders. They can launch tasks
@ -205,10 +204,13 @@ remote systems are in spec.</p>
<p>Let&#8217;s dive in and see how they work. As you go, you may wish to open
the <a class="reference external" href="https://github.com/ansible/ansible/tree/master/examples/playbooks">github examples directory</a> in
another tab, so you can apply the theory to what things look like in practice.</p>
<div class="section" id="playbook-example">
<h2>Playbook Example<a class="headerlink" href="#playbook-example" title="Permalink to this headline"></a></h2>
<div class="section" id="playbook-language-example">
<h2>Playbook Language Example<a class="headerlink" href="#playbook-language-example" title="Permalink to this headline"></a></h2>
<p>Playbooks are expressed in YAML format and have a minimum of syntax.
Each playbook is composed of one or more &#8216;plays&#8217; in a list.</p>
<p>The goal of a play is map a group of hosts to some well defined roles, represented by
things ansible called tasks. At the basic level, a task is nothing more than a call
to an ansible module, which you should have learned about in earlier chapters.</p>
<p>By composing a playbook of multiple &#8216;plays&#8217;, it is possible to
orchestrate multi-machine deployments, running certain steps on all
machines in the webservers group, then certain steps on the database
@ -285,21 +287,18 @@ this does not come into play. Ansible also takes care to not log password parame
<p>These variables can be used later in the playbook like this:</p>
<div class="highlight-python"><pre>$varname or ${varname}</pre>
</div>
<p>The later is useful in the event you need to do something like ${other}_concatenated_value.</p>
<p>The full power of the Jinja2 templating language is also available (note: in 0.4, this is only true inside of templates), which looks like this:</p>
<p>The later is useful in the event you need to do something like ${other}_some_string.</p>
<p>The full power of the <a class="reference external" href="http://jinja.pocoo.org/docs/">Jinja2</a> templating language is also available, which looks like this:</p>
<div class="highlight-python"><pre>{{ varname }}</pre>
</div>
<p>The Jinja2 documentation provides information about how to construct loops and conditionals for those
who which to use more advanced templating. This is optional and the $varname format still works in template
files.</p>
<p>If there are discovered variables about the system (ansible provides some of these,
plus we include ones taken from facter or ohai if installed) these variables bubble up back into the
playbook, and can be used on each system just like explicitly set
variables.</p>
<p>Facter variables are prefixed with <tt class="docutils literal"><span class="pre">facter_</span></tt> and Ohai
variables are prefixed with <tt class="docutils literal"><span class="pre">ohai_</span></tt>. Ansible variables (0.3 and later)
are not surprisingly prefixed with <tt class="docutils literal"><span class="pre">ansible_</span></tt> (See the <a class="reference internal" href="modules.html#setup"><em>setup</em></a> module
documentation for a list of Ansible variables).</p>
<p>If there are discovered variables about the system, called &#8216;facts&#8217;, these variables bubble up back into the
playbook, and can be used on each system just like explicitly set variables. Ansible provides several
of these, prefixed with &#8216;ansible&#8217;, and are documented under <a class="reference internal" href="modules.html#setup"><em>setup</em></a> in the module documentation. Additionally,
facts can be gathered by ohai and facter if they are installed. Facter variables are prefixed with <tt class="docutils literal"><span class="pre">facter_</span></tt> and Ohai
variables are prefixed with <tt class="docutils literal"><span class="pre">ohai_</span></tt>.</p>
<p>So for instance, if I wanted
to write the hostname into the /etc/motd file, I could say:</p>
<div class="highlight-python"><pre>- name: write the motd
@ -314,19 +313,22 @@ to write the hostname into the /etc/motd file, I could say:</p>
<h3>Tasks list<a class="headerlink" href="#tasks-list" title="Permalink to this headline"></a></h3>
<p>Each play contains a list of tasks. Tasks are executed in order, one
at a time, against all machines matched by the host pattern,
before moving on to the next task.</p>
<p>Hosts with failed tasks are taken out of the rotation for the entire
playbook. If things fail, simply correct the playbook file and rerun.</p>
before moving on to the next task. It is important to understand that, within a play,
all hosts are going to get the same task directives. It is the purpose of a play to map
a selection of hosts to tasks.</p>
<p>When running the playbook, which runs top to bottom, hosts with failed tasks are
taken out of the rotation for the entire playbook. If things fail, simply correct the playbook file and rerun.</p>
<p>The goal of each task is to execute a module, with very specific arguments.
Variables, as mentioned above, can be used in arguments to modules.</p>
<p>Modules other than <cite>command</cite> and <cite>shell</cite> are &#8216;idempotent&#8217;, meaning if you run them
<p>Modules are &#8216;idempotent&#8217;, meaning if you run them
again, they will make the changes they are told to make to bring the
system to the desired state. This makes it very safe to rerun
the same playbook multiple times. They won&#8217;t change things
unless they have to change things.</p>
<p>The <cite>command</cite> and <cite>shell</cite> modules will actually rerun the same command again,
<p>The <cite>command</cite> and <cite>shell</cite> modules will typically rerun the same command again,
which is totally ok if the command is something like
&#8216;chmod&#8217; or &#8216;setsebool&#8217;, etc.</p>
&#8216;chmod&#8217; or &#8216;setsebool&#8217;, etc. Though there is a &#8216;creates&#8217; flag available which can
be used to make these modules also idempotent.</p>
<p>Every task should have a <cite>name</cite>, which is included in the output from
running the playbook. This is output for humans, so it is
nice to have reasonably good descriptions of each task step. If the name
@ -345,6 +347,18 @@ them work just like you would expect. Simple:</p>
- name: disable selinux
action: command /sbin/setenforce 0</pre>
</div>
<p>The command and shell module care about return codes, so if you have a command
who&#8217;s successful exit code is not zero, you may wish to do this:</p>
<blockquote>
<div><dl class="docutils">
<dt>tasks:</dt>
<dd><ul class="first last simple">
<li>name: run this command and ignore the result
action: shell /usr/bin/somecommand &amp; /bin/true</li>
</ul>
</dd>
</dl>
</div></blockquote>
<p>Variables can be used in action lines. Suppose you defined
a variable called &#8216;vhost&#8217; in the &#8216;vars&#8217; section, you could do this:</p>
<div class="highlight-python"><pre>tasks:
@ -352,11 +366,13 @@ a variable called &#8216;vhost&#8217; in the &#8216;vars&#8217; section, you cou
action: template src=somefile.j2 dest=/etc/httpd/conf.d/$vhost</pre>
</div>
<p>Those same variables are usable in templates, which we&#8217;ll get to later.</p>
<p>Now in a very basic playbook all the tasks will be listed directly in that play, though it will usually
make more sense to break up tasks using the &#8216;include:&#8217; directive. We&#8217;ll show that a bit later.</p>
</div>
</div>
<div class="section" id="running-operations-on-change">
<h2>Running Operations On Change<a class="headerlink" href="#running-operations-on-change" title="Permalink to this headline"></a></h2>
<p>As we&#8217;ve mentioned, nearly all modules are written to be &#8216;idempotent&#8217; and can relay when
<p>As we&#8217;ve mentioned, modules are written to be &#8216;idempotent&#8217; and can relay when
they have made a change on the remote system. Playbooks recognize this and
have a basic event system that can be used to respond to change.</p>
<p>These &#8216;notify&#8217; actions are triggered at the end of each &#8216;play&#8217; in a playbook, and
@ -391,11 +407,13 @@ won&#8217;t need them for much else.</p>
<p class="last">Notify handlers are always run in the order written.</p>
</div>
</div>
<div class="section" id="include-files-and-reuse">
<h2>Include Files And Reuse<a class="headerlink" href="#include-files-and-reuse" title="Permalink to this headline"></a></h2>
<div class="section" id="include-files-and-encouraging-reuse">
<h2>Include Files And Encouraging Reuse<a class="headerlink" href="#include-files-and-encouraging-reuse" title="Permalink to this headline"></a></h2>
<p>Suppose you want to reuse lists of tasks between plays or playbooks. You can use
include files to do this.</p>
<p>An include file simply contains a flat list of tasks, like so:</p>
include files to do this. Use of included task lists is a great way to define a role
that system is going to fulfill. Remember, the goal of a play in a playbook is to map
a group of systems into multiple roles. Let&#8217;s see what this looks like...</p>
<p>A task include file simply contains a flat list of tasks, like so:</p>
<div class="highlight-python"><pre>---
# possibly saved as tasks/foo.yml
- name: placeholder foo
@ -403,11 +421,11 @@ include files to do this.</p>
- name: placeholder bar
action: command /bin/bar</pre>
</div>
<p>Include directives look like this:</p>
<p>Include directives look like this, and can be mixed in with regular tasks in a playbook:</p>
<div class="highlight-python"><pre>- tasks:
- include: tasks/foo.yml</pre>
</div>
<p>You can also pass variables into includes directly. We might call this a &#8216;parameterized include&#8217;.</p>
<p>You can also pass variables into includes. We call this a &#8216;parameterized include&#8217;.</p>
<p>For instance, if deploying multiple wordpress instances, I could
contain all of my wordpress tasks in a single wordpress.yml file, and use it like so:</p>
<div class="highlight-python"><pre>- tasks:
@ -415,16 +433,16 @@ contain all of my wordpress tasks in a single wordpress.yml file, and use it lik
- include: wordpress.yml user=alice
- include: wordpress.yml user=bob</pre>
</div>
<p>Variables passed in can be used in the included files. You can reference them like this:</p>
<p>Variables passed in can then be used in the included files. You can reference them like this:</p>
<div class="highlight-python"><pre>$user</pre>
</div>
<p>In addition to the explicitly passed in parameters, all variables from
the vars section are also available for use here as well.</p>
<p>(In addition to the explicitly passed in parameters, all variables from
the vars section are also available for use here as well.)</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Include statements are only usable from the top level
playbook file. This means includes can not include other
includes. This may be implemented in a later release.</p>
<p class="last">Task include statements are only usable one-level deep.
This means task includes can not include other
task includes. This may change in a later release.</p>
</div>
<p>Includes can also be used in the &#8216;handlers&#8217; section, for instance, if you
want to define how to restart apache, you only have to do that once for all
@ -440,9 +458,12 @@ of a play:</p>
- include: handlers/handlers.yml</pre>
</div>
<p>You can mix in includes along with your regular non-included tasks and handlers.</p>
<p>Note that you can not conditionally path the location to an include file, like you can
<p>NOTE:: you can not conditionally path the location to an include file, like you can
with &#8216;vars_files&#8217;. If you find yourself needing to do this, consider how you can
restructure your playbook to be more class/role oriented.</p>
restructure your playbook to be more class/role oriented. This is to say you cannot
use a &#8216;fact&#8217; to decide what include file to use. All hosts contained within the play
are going to get the same tasks. (&#8216;only_if&#8217; provides some ability for hosts to conditionally
skip tasks).</p>
</div>
<div class="section" id="executing-a-playbook">
<h2>Executing A Playbook<a class="headerlink" href="#executing-a-playbook" title="Permalink to this headline"></a></h2>
@ -514,7 +535,7 @@ package is installed. Try it!</p>
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -149,9 +149,10 @@ s.parentNode.insertBefore(ga, s);
class="dropdown-toggle">Page</a>
<span class="localtoc"><ul>
<li><a class="reference internal" href="#">Advanced Playbooks</a><ul>
<li><a class="reference internal" href="#tags">Tags</a></li>
<li><a class="reference internal" href="#playbooks-including-playbooks">Playbooks Including Playbooks</a><ul>
<li><a class="reference internal" href="#accessing-complex-variable-data">Accessing Complex Variable Data</a></li>
<li><a class="reference internal" href="#accessing-information-about-other-hosts">Accessing Information About Other Hosts</a></li>
<li><a class="reference internal" href="#magic-variables">Magic Variables</a></li>
<li><a class="reference internal" href="#variable-file-seperation">Variable File Seperation</a></li>
<li><a class="reference internal" href="#prompting-for-sensitive-data">Prompting For Sensitive Data</a></li>
<li><a class="reference internal" href="#passing-variables-on-the-command-line">Passing Variables On The Command Line</a></li>
@ -161,7 +162,11 @@ s.parentNode.insertBefore(ga, s);
<li><a class="reference internal" href="#selecting-files-and-templates-based-on-variables">Selecting Files And Templates Based On Variables</a></li>
<li><a class="reference internal" href="#asynchronous-actions-and-polling">Asynchronous Actions and Polling</a></li>
<li><a class="reference internal" href="#local-playbooks">Local Playbooks</a></li>
<li><a class="reference internal" href="#turning-off-facts">Turning Off Facts</a></li>
<li><a class="reference internal" href="#pull-mode-playbooks">Pull-Mode Playbooks</a></li>
<li><a class="reference internal" href="#style-points">Style Points</a></li>
</ul>
</li>
</ul>
</li>
</ul>
@ -195,11 +200,44 @@ s.parentNode.insertBefore(ga, s);
are not neccessary, but many of them will prove useful. If a feature doesn&#8217;t seem immediately
relevant, feel free to skip it. For many people, the features documented in <cite>playbooks</cite> will
be 90% or more of what they use in Ansible.</p>
<div class="section" id="tags">
<h2>Tags<a class="headerlink" href="#tags" title="Permalink to this headline"></a></h2>
<p>(New in 0.6) If you have a large playbook it may become useful to be able to run a specific
part of the configuration. Both plays and tasks support a &#8220;tags:&#8221; attribute for this reason.</p>
<p>Example:</p>
<div class="highlight-python"><pre>tasks:
- action: yum name=$item state=installed
with_items:
- httpd
- memcached
tags:
- packages
- action: template src=templates/src.j2 dest=/etc/foo.conf
tags:
- configuration</pre>
</div>
<p>If you wanted to just run the &#8220;configuration&#8221; and &#8220;packages&#8221; part of a very long playbook, you could do this:</p>
<div class="highlight-python"><pre>ansible-playbook example.yml --tags "configuration,packages"</pre>
</div>
</div>
<div class="section" id="playbooks-including-playbooks">
<h2>Playbooks Including Playbooks<a class="headerlink" href="#playbooks-including-playbooks" title="Permalink to this headline"></a></h2>
<p>(New in 0.6) To further advance the concept of include files, playbook files can include other playbook
files. Suppose you define the behavior of all your webservers in &#8220;webservers.yml&#8221; and
all your database servers in &#8220;dbservers.yml&#8221;. You can create a &#8220;site.yml&#8221; that would
reconfigure all of your systems like this:</p>
<div class="highlight-python"><pre>----
- include: playbooks/webservers.yml
- include: playbooks/dbservers.yml</pre>
</div>
<p>This concept works great with tags to rapidly select exactly what plays you want to run, and exactly
what parts of those plays.</p>
<div class="section" id="accessing-complex-variable-data">
<h2>Accessing Complex Variable Data<a class="headerlink" href="#accessing-complex-variable-data" title="Permalink to this headline"></a></h2>
<h3>Accessing Complex Variable Data<a class="headerlink" href="#accessing-complex-variable-data" title="Permalink to this headline"></a></h3>
<p>Some provided facts, like networking information, are made available as nested data structures. To access
them a simple &#8216;$foo&#8217; is not sufficient, but it is still easy to do. Here&#8217;s how we get an IP address using
Ansible 0.4 and later:</p>
them a simple &#8216;$foo&#8217; is not sufficient, but it is still easy to do. Here&#8217;s how we get an IP address:</p>
<div class="highlight-python"><pre>${ansible_eth0.ipv4.address}</pre>
</div>
<p>It is also possible to access variables whose elements are arrays:</p>
@ -212,19 +250,14 @@ that is preferred:</p>
</div>
</div>
<div class="section" id="accessing-information-about-other-hosts">
<h2>Accessing Information About Other Hosts<a class="headerlink" href="#accessing-information-about-other-hosts" title="Permalink to this headline"></a></h2>
<h3>Accessing Information About Other Hosts<a class="headerlink" href="#accessing-information-about-other-hosts" title="Permalink to this headline"></a></h3>
<p>If your database server wants to check the value of a &#8216;fact&#8217; from another node, or an inventory variable
assigned to another node, it&#8217;s easy to do so within a template or even an action line (note: this uses syntax available in 0.4 and later):</p>
assigned to another node, it&#8217;s easy to do so within a template or even an action line:</p>
<div class="highlight-python"><pre>${hostvars.hostname.factname}</pre>
</div>
<p>NOTE: No database or other complex system is required to exchange data between hosts. The hosts that you
want to reference data from must be included in either the current play or any previous play.</p>
</div>
<div class="section" id="magic-variables">
<h2>Magic Variables<a class="headerlink" href="#magic-variables" title="Permalink to this headline"></a></h2>
<p>Some variables made available to hosts don&#8217;t come from definitions in a playbook, the inventory file, or discovery from the system. There are only two of these, and are used in special cases that many users won&#8217;t need.</p>
<p><em>group_names</em> is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2
syntax to make template source files that vary based on the group membership (or role) of the host:</p>
<p>Additionally, <em>group_names</em> is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2 syntax to make template source files that vary based on the group membership (or role) of the host:</p>
<div class="highlight-python"><pre>{% if 'webserver' in group_names %}
# some part of a configuration file that only applies to webservers
{% endif %}</pre>
@ -238,10 +271,12 @@ For example:</p>
<p>Use cases include pointing a frontend proxy server to all of the app servers, setting up the correct firewall rules between servers, etc.</p>
<p><em>inventory_hostname</em> is the name of the hostname as configured in Ansible&#8217;s inventory host file. This can
be useful for when you don&#8217;t want to rely on the discovered hostname <cite>ansible_hostname</cite> or for other mysterious
reasons. Don&#8217;t worry about it unless you think you need it.</p>
reasons. If you have a long FQDN, <em>inventory_hostname_short</em> (in Ansible 0.6) also contains the part up to the first
period.</p>
<p>Don&#8217;t worry about any of this unless you think you need it. You&#8217;ll know when you do.</p>
</div>
<div class="section" id="variable-file-seperation">
<h2>Variable File Seperation<a class="headerlink" href="#variable-file-seperation" title="Permalink to this headline"></a></h2>
<h3>Variable File Seperation<a class="headerlink" href="#variable-file-seperation" title="Permalink to this headline"></a></h3>
<p>It&#8217;s a great idea to keep your playbooks under source control, but
you may wish to make the playbook source public while keeping certain
important variables private. Similarly, sometimes you may just
@ -267,9 +302,10 @@ sharing your playbook source with them.</p>
somevar: somevalue
password: magic</pre>
</div>
<p>NOTE: It&#8217;s also possible to keep per-host and per-group variables in very similar files, this is covered in <a class="reference internal" href="patterns.html#patterns"><em>Inventory &amp; Patterns</em></a>.</p>
</div>
<div class="section" id="prompting-for-sensitive-data">
<h2>Prompting For Sensitive Data<a class="headerlink" href="#prompting-for-sensitive-data" title="Permalink to this headline"></a></h2>
<h3>Prompting For Sensitive Data<a class="headerlink" href="#prompting-for-sensitive-data" title="Permalink to this headline"></a></h3>
<p>You may wish to prompt the user for certain input, and can
do so with the similarly named &#8216;vars_prompt&#8217; section. This has uses
beyond security, for instance, you may use the same playbook for all
@ -286,17 +322,37 @@ in a push-script:</p>
favcolor: "what is your favorite color?"</pre>
</div>
<p>There are full examples of both of these items in the github examples/playbooks directory.</p>
<p>An alternative form of vars_prompt allows for hiding input from the user, and may later support
some other options, but otherwise works equivalently:</p>
<div class="highlight-python"><pre>vars_prompt:
- name: "some_password"
prompt: "Enter password"
private: True
- name: "release_version"
prompt: "Product release version"
private: False</pre>
</div>
</div>
<div class="section" id="passing-variables-on-the-command-line">
<h2>Passing Variables On The Command Line<a class="headerlink" href="#passing-variables-on-the-command-line" title="Permalink to this headline"></a></h2>
<h3>Passing Variables On The Command Line<a class="headerlink" href="#passing-variables-on-the-command-line" title="Permalink to this headline"></a></h3>
<p>In addition to <cite>vars_prompt</cite> and <cite>vars_files</cite>, it is possible to send variables over
the ansible command line. This is particularly useful when writing a generic release playbook
where you may want to pass in the version of the application to deploy:</p>
<div class="highlight-python"><pre>ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"</pre>
</div>
<p>This is useful, for, among other things, setting the hosts group or the user for the playbook.</p>
<p>Example:</p>
<div class="highlight-python"><pre>-----
- user: $user
hosts: $hosts
tasks:
- ...
ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"</pre>
</div>
</div>
<div class="section" id="conditional-execution">
<h2>Conditional Execution<a class="headerlink" href="#conditional-execution" title="Permalink to this headline"></a></h2>
<h3>Conditional Execution<a class="headerlink" href="#conditional-execution" title="Permalink to this headline"></a></h3>
<p>Sometimes you will want to skip a particular step on a particular host. This could be something
as simple as not installing a certain package if the operating system is a particular version,
or it could be something like performing some cleanup steps if a filesystem is getting full.</p>
@ -306,22 +362,32 @@ Don&#8217;t panic &#8211; it&#8217;s actually pretty simple:</p>
favcolor: blue
is_favcolor_blue: "'$favcolor' == 'blue'"
is_centos: "'$facter_operatingsystem' == 'CentOS'"
tasks:
- name: "shutdown if my favorite color is blue"
action: command /sbin/shutdown -t now
only_if: '$is_favcolor_blue'</pre>
</div>
<p>Variables from tools like <cite>facter</cite> and <cite>ohai</cite> can be used here, if installed, or you can
use variables that bubble up from ansible (0.3 and later). As a reminder,
use variables that bubble up from ansible, which many are provided by the <a class="reference internal" href="modules.html#setup"><em>setup</em></a> module. As a reminder,
these variables are prefixed, so it&#8217;s <cite>$facter_operatingsystem</cite>, not <cite>$operatingsystem</cite>. Ansible&#8217;s
built in variables are prefixed with <cite>ansible_</cite>. The only_if
expression is actually a tiny small bit of Python, so be sure to quote variables and make something
built in variables are prefixed with <cite>ansible_</cite>.</p>
<p>The only_if expression is actually a tiny small bit of Python, so be sure to quote variables and make something
that evaluates to <cite>True</cite> or <cite>False</cite>. It is a good idea to use &#8216;vars_files&#8217; instead of &#8216;vars&#8217; to define
all of your conditional expressions in a way that makes them very easy to reuse between plays
and playbooks.</p>
<p>You cannot use live checks here, like &#8216;os.path.exists&#8217;, so don&#8217;t try.</p>
<p>It&#8217;s also easy to provide your own facts if you want, which is covered in <a class="reference internal" href="moduledev.html"><em>Module Development</em></a>. To run them, just
make a call to your own custom fact gathering module at the top of your list of tasks, and variables returned
there will be accessible to future tasks:</p>
<div class="highlight-python"><pre>tasks:
- name: gather site specific fact data
action: site_facts
- action: command echo ${my_custom_fact_can_be_used_now}</pre>
</div>
</div>
<div class="section" id="conditional-imports">
<h2>Conditional Imports<a class="headerlink" href="#conditional-imports" title="Permalink to this headline"></a></h2>
<h3>Conditional Imports<a class="headerlink" href="#conditional-imports" title="Permalink to this headline"></a></h3>
<p>Sometimes you will want to do certain things differently in a playbook based on certain criteria.
Having one playbook that works on multiple platforms and OS versions is a good example.</p>
<p>As an example, the name of the Apache package may be different between CentOS and Debian,
@ -364,7 +430,7 @@ in more streamlined &amp; auditable configuration rules &#8211; especially becau
minimum of decision points to track.</p>
</div>
<div class="section" id="loop-shorthand">
<h2>Loop Shorthand<a class="headerlink" href="#loop-shorthand" title="Permalink to this headline"></a></h2>
<h3>Loop Shorthand<a class="headerlink" href="#loop-shorthand" title="Permalink to this headline"></a></h3>
<p>To save some typing, repeated tasks can be written in short-hand like so:</p>
<div class="highlight-python"><pre>- name: add user $item
action: user name=$item state=present groups=wheel
@ -372,6 +438,9 @@ minimum of decision points to track.</p>
- testuser1
- testuser2</pre>
</div>
<p>If you have defined a YAML list in a variables file, or the &#8216;vars&#8217; section, you can also do:</p>
<div class="highlight-python"><pre>with_items: $somelist</pre>
</div>
<p>The above would be the equivalent of:</p>
<div class="highlight-python"><pre>- name: add user testuser1
action: user name=testuser1 state=present groups=wheel
@ -382,9 +451,9 @@ minimum of decision points to track.</p>
manager transactions.</p>
</div>
<div class="section" id="selecting-files-and-templates-based-on-variables">
<h2>Selecting Files And Templates Based On Variables<a class="headerlink" href="#selecting-files-and-templates-based-on-variables" title="Permalink to this headline"></a></h2>
<h3>Selecting Files And Templates Based On Variables<a class="headerlink" href="#selecting-files-and-templates-based-on-variables" title="Permalink to this headline"></a></h3>
<p>Sometimes a configuration file you want to copy, or a template you will use may depend on a variable.
The following construct (new in 0.4) selects the first available file appropriate for the variables of a given host,
The following construct selects the first available file appropriate for the variables of a given host,
which is often much cleaner than putting a lot of if conditionals in a template.</p>
<p>The following example shows how to template out a configuration file that was very different between, say,
CentOS and Debian:</p>
@ -396,7 +465,7 @@ CentOS and Debian:</p>
</div>
</div>
<div class="section" id="asynchronous-actions-and-polling">
<h2>Asynchronous Actions and Polling<a class="headerlink" href="#asynchronous-actions-and-polling" title="Permalink to this headline"></a></h2>
<h3>Asynchronous Actions and Polling<a class="headerlink" href="#asynchronous-actions-and-polling" title="Permalink to this headline"></a></h3>
<p>By default tasks in playbooks block, meaning the connections stay open
until the task is done on each node. If executing playbooks with
a small parallelism value (aka <tt class="docutils literal"><span class="pre">--forks</span></tt>), you may wish that long
@ -446,7 +515,7 @@ tasks even faster. This also increases the efficiency of polling.</p>
</div>
</div>
<div class="section" id="local-playbooks">
<h2>Local Playbooks<a class="headerlink" href="#local-playbooks" title="Permalink to this headline"></a></h2>
<h3>Local Playbooks<a class="headerlink" href="#local-playbooks" title="Permalink to this headline"></a></h3>
<p>It may be useful to use a playbook locally, rather than by connecting over SSH. This can be useful
for assuring the configuration of a system by putting a playbook on a crontab. This may also be used
to run a playbook inside a OS installer, such as an Anaconda kickstart.</p>
@ -459,10 +528,19 @@ use the default remote connection type:</p>
connection: local</pre>
</div>
</div>
<div class="section" id="turning-off-facts">
<h3>Turning Off Facts<a class="headerlink" href="#turning-off-facts" title="Permalink to this headline"></a></h3>
<p>If you know you don&#8217;t need any fact data about your hosts, and know everything about your systems centrally, you
can turn off fact gathering. This has advantages in scaling ansible in push mode with very large numbers of
systems, mainly, or if you are using Ansible on experimental platforms. In any play, just do this:</p>
<div class="highlight-python"><pre>- hosts: whatever
gather_facts: False</pre>
</div>
</div>
<div class="section" id="pull-mode-playbooks">
<h2>Pull-Mode Playbooks<a class="headerlink" href="#pull-mode-playbooks" title="Permalink to this headline"></a></h2>
<p>The use of playbooks in local mode (above) is made extremely powerful with the addition of <cite>ansible-pull</cite> in the
0.4 release. A script for setting up ansible-pull is provided in the examples/playbooks directory of the source
<h3>Pull-Mode Playbooks<a class="headerlink" href="#pull-mode-playbooks" title="Permalink to this headline"></a></h3>
<p>The use of playbooks in local mode (above) is made extremely powerful with the addition of <cite>ansible-pull</cite>.
A script for setting up ansible-pull is provided in the examples/playbooks directory of the source
checkout.</p>
<p>The basic idea is to use Ansible to set up a remote copy of ansible on each managed node, each set to run via
cron and update playbook source via git. This interverts the default push architecture of ansible into a pull
@ -470,6 +548,11 @@ architecture, which has near-limitless scaling potential. The setup playbook ca
the cron frequency, logging locations, and parameters to ansible-pull.</p>
<p>This is useful both for extreme scale-out as well as periodic remediation. Usage of the &#8216;fetch&#8217; module to retrieve
logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.</p>
</div>
<div class="section" id="style-points">
<h3>Style Points<a class="headerlink" href="#style-points" title="Permalink to this headline"></a></h3>
<p>Ansible playbooks are colorized. If you do not like this, set the ANSIBLE_NOCOLOR=1 environment variable.</p>
<p>Ansible playbooks also look more impressive with cowsay installed, and we encourage installing this package.</p>
<div class="admonition-see-also admonition seealso">
<p class="first admonition-title">See also</p>
<dl class="last docutils">
@ -493,6 +576,7 @@ logs from ansible-pull runs would be an excellent way to gather and analyze remo
</div>
</div>
</div>
</div>
<br/>
@ -522,7 +606,7 @@ logs from ansible-pull runs would be an excellent way to gather and analyze remo
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

@ -174,8 +174,7 @@ Module Provided 'Facts'
The 'setup' module that ships with Ansible provides many variables about a system that can be used in playbooks
and templates. However, it's possible to also add your own facts without modifying the system module. To do
this, just have the module return a `ansible_facts` key, like so, along with other return data. This requires
Ansible 0.4 and later::
this, just have the module return a `ansible_facts` key, like so, along with other return data::
{
"changed" : True,

@ -433,7 +433,6 @@ raw
```
Executes a low-down and dirty SSH command, not going through the module subsystem.
This module is new in Ansible 0.4.
This is useful and should only be done in two cases. The first case is installing
python-simplejson on older (python 2.4 and before) hosts that need it as a dependency

@ -110,7 +110,7 @@ Variables can also be applied to an entire group at once::
Groups of Groups, and Group Variables
+++++++++++++++++++++++++++++++++++++
Using Ansible 0.4, it is possible to make groups of groups and assign
It is also possible to make groups of groups and assign
variables to groups. These variables can be used by /usr/bin/ansible-playbook, but not
/usr/bin/ansible::

@ -1,11 +1,10 @@
Playbooks
=========
Playbooks are a completely different way to use ansible and are
particularly awesome. They are the basis for a really simple
Playbooks are a completely different way to use ansible than in task execution mode, and are
particularly awesome. Simply put, playbooks are the basis for a really simple
configuration management and multi-machine deployment system,
unlike any that already exist, and
one that is very well suited to deploying complex applications.
unlike any that already exist, and one that is very well suited to deploying complex applications.
Playbooks can declare configurations, but they can also orchestrate steps of
any manual ordered process, even as different steps must bounce back and forth
@ -21,12 +20,16 @@ Let's dive in and see how they work. As you go, you may wish to open
the `github examples directory <https://github.com/ansible/ansible/tree/master/examples/playbooks>`_ in
another tab, so you can apply the theory to what things look like in practice.
Playbook Example
````````````````
Playbook Language Example
`````````````````````````
Playbooks are expressed in YAML format and have a minimum of syntax.
Each playbook is composed of one or more 'plays' in a list.
The goal of a play is map a group of hosts to some well defined roles, represented by
things ansible called tasks. At the basic level, a task is nothing more than a call
to an ansible module, which you should have learned about in earlier chapters.
By composing a playbook of multiple 'plays', it is possible to
orchestrate multi-machine deployments, running certain steps on all
machines in the webservers group, then certain steps on the database
@ -116,9 +119,9 @@ These variables can be used later in the playbook like this::
$varname or ${varname}
The later is useful in the event you need to do something like ${other}_concatenated_value.
The later is useful in the event you need to do something like ${other}_some_string.
The full power of the Jinja2 templating language is also available (note: in 0.4, this is only true inside of templates), which looks like this::
The full power of the `Jinja2 <http://jinja.pocoo.org/docs/>`_ templating language is also available, which looks like this::
{{ varname }}
@ -126,15 +129,11 @@ The Jinja2 documentation provides information about how to construct loops and c
who which to use more advanced templating. This is optional and the $varname format still works in template
files.
If there are discovered variables about the system (ansible provides some of these,
plus we include ones taken from facter or ohai if installed) these variables bubble up back into the
playbook, and can be used on each system just like explicitly set
variables.
Facter variables are prefixed with ``facter_`` and Ohai
variables are prefixed with ``ohai_``. Ansible variables (0.3 and later)
are not surprisingly prefixed with ``ansible_`` (See the :ref:`setup` module
documentation for a list of Ansible variables).
If there are discovered variables about the system, called 'facts', these variables bubble up back into the
playbook, and can be used on each system just like explicitly set variables. Ansible provides several
of these, prefixed with 'ansible', and are documented under :ref:`setup` in the module documentation. Additionally,
facts can be gathered by ohai and facter if they are installed. Facter variables are prefixed with ``facter_`` and Ohai
variables are prefixed with ``ohai_``.
So for instance, if I wanted
to write the hostname into the /etc/motd file, I could say::
@ -153,23 +152,26 @@ Tasks list
Each play contains a list of tasks. Tasks are executed in order, one
at a time, against all machines matched by the host pattern,
before moving on to the next task.
before moving on to the next task. It is important to understand that, within a play,
all hosts are going to get the same task directives. It is the purpose of a play to map
a selection of hosts to tasks.
Hosts with failed tasks are taken out of the rotation for the entire
playbook. If things fail, simply correct the playbook file and rerun.
When running the playbook, which runs top to bottom, hosts with failed tasks are
taken out of the rotation for the entire playbook. If things fail, simply correct the playbook file and rerun.
The goal of each task is to execute a module, with very specific arguments.
Variables, as mentioned above, can be used in arguments to modules.
Modules other than `command` and `shell` are 'idempotent', meaning if you run them
Modules are 'idempotent', meaning if you run them
again, they will make the changes they are told to make to bring the
system to the desired state. This makes it very safe to rerun
the same playbook multiple times. They won't change things
unless they have to change things.
The `command` and `shell` modules will actually rerun the same command again,
The `command` and `shell` modules will typically rerun the same command again,
which is totally ok if the command is something like
'chmod' or 'setsebool', etc.
'chmod' or 'setsebool', etc. Though there is a 'creates' flag available which can
be used to make these modules also idempotent.
Every task should have a `name`, which is included in the output from
running the playbook. This is output for humans, so it is
@ -192,6 +194,13 @@ them work just like you would expect. Simple::
- name: disable selinux
action: command /sbin/setenforce 0
The command and shell module care about return codes, so if you have a command
who's successful exit code is not zero, you may wish to do this:
tasks:
- name: run this command and ignore the result
action: shell /usr/bin/somecommand & /bin/true
Variables can be used in action lines. Suppose you defined
a variable called 'vhost' in the 'vars' section, you could do this::
@ -201,11 +210,13 @@ a variable called 'vhost' in the 'vars' section, you could do this::
Those same variables are usable in templates, which we'll get to later.
Now in a very basic playbook all the tasks will be listed directly in that play, though it will usually
make more sense to break up tasks using the 'include:' directive. We'll show that a bit later.
Running Operations On Change
````````````````````````````
As we've mentioned, nearly all modules are written to be 'idempotent' and can relay when
As we've mentioned, modules are written to be 'idempotent' and can relay when
they have made a change on the remote system. Playbooks recognize this and
have a basic event system that can be used to respond to change.
@ -246,13 +257,15 @@ won't need them for much else.
Notify handlers are always run in the order written.
Include Files And Reuse
```````````````````````
Include Files And Encouraging Reuse
```````````````````````````````````
Suppose you want to reuse lists of tasks between plays or playbooks. You can use
include files to do this.
include files to do this. Use of included task lists is a great way to define a role
that system is going to fulfill. Remember, the goal of a play in a playbook is to map
a group of systems into multiple roles. Let's see what this looks like...
An include file simply contains a flat list of tasks, like so::
A task include file simply contains a flat list of tasks, like so::
---
# possibly saved as tasks/foo.yml
@ -261,12 +274,12 @@ An include file simply contains a flat list of tasks, like so::
- name: placeholder bar
action: command /bin/bar
Include directives look like this::
Include directives look like this, and can be mixed in with regular tasks in a playbook::
- tasks:
- include: tasks/foo.yml
You can also pass variables into includes directly. We might call this a 'parameterized include'.
You can also pass variables into includes. We call this a 'parameterized include'.
For instance, if deploying multiple wordpress instances, I could
contain all of my wordpress tasks in a single wordpress.yml file, and use it like so::
@ -276,17 +289,17 @@ contain all of my wordpress tasks in a single wordpress.yml file, and use it lik
- include: wordpress.yml user=alice
- include: wordpress.yml user=bob
Variables passed in can be used in the included files. You can reference them like this::
Variables passed in can then be used in the included files. You can reference them like this::
$user
In addition to the explicitly passed in parameters, all variables from
the vars section are also available for use here as well.
(In addition to the explicitly passed in parameters, all variables from
the vars section are also available for use here as well.)
.. note::
Include statements are only usable from the top level
playbook file. This means includes can not include other
includes. This may be implemented in a later release.
Task include statements are only usable one-level deep.
This means task includes can not include other
task includes. This may change in a later release.
Includes can also be used in the 'handlers' section, for instance, if you
want to define how to restart apache, you only have to do that once for all
@ -305,10 +318,12 @@ of a play::
You can mix in includes along with your regular non-included tasks and handlers.
Note that you can not conditionally path the location to an include file, like you can
NOTE:: you can not conditionally path the location to an include file, like you can
with 'vars_files'. If you find yourself needing to do this, consider how you can
restructure your playbook to be more class/role oriented.
restructure your playbook to be more class/role oriented. This is to say you cannot
use a 'fact' to decide what include file to use. All hosts contained within the play
are going to get the same tasks. ('only_if' provides some ability for hosts to conditionally
skip tasks).
Executing A Playbook
````````````````````

@ -6,12 +6,51 @@ are not neccessary, but many of them will prove useful. If a feature doesn't se
relevant, feel free to skip it. For many people, the features documented in `playbooks` will
be 90% or more of what they use in Ansible.
Tags
````
(New in 0.6) If you have a large playbook it may become useful to be able to run a specific
part of the configuration. Both plays and tasks support a "tags:" attribute for this reason.
Example::
tasks:
- action: yum name=$item state=installed
with_items:
- httpd
- memcached
tags:
- packages
- action: template src=templates/src.j2 dest=/etc/foo.conf
tags:
- configuration
If you wanted to just run the "configuration" and "packages" part of a very long playbook, you could do this::
ansible-playbook example.yml --tags "configuration,packages"
Playbooks Including Playbooks
`````````````````````````````
(New in 0.6) To further advance the concept of include files, playbook files can include other playbook
files. Suppose you define the behavior of all your webservers in "webservers.yml" and
all your database servers in "dbservers.yml". You can create a "site.yml" that would
reconfigure all of your systems like this::
----
- include: playbooks/webservers.yml
- include: playbooks/dbservers.yml
This concept works great with tags to rapidly select exactly what plays you want to run, and exactly
what parts of those plays.
Accessing Complex Variable Data
+++++++++++++++++++++++++++++++
Some provided facts, like networking information, are made available as nested data structures. To access
them a simple '$foo' is not sufficient, but it is still easy to do. Here's how we get an IP address using
Ansible 0.4 and later::
them a simple '$foo' is not sufficient, but it is still easy to do. Here's how we get an IP address::
${ansible_eth0.ipv4.address}
@ -30,26 +69,19 @@ Accessing Information About Other Hosts
+++++++++++++++++++++++++++++++++++++++
If your database server wants to check the value of a 'fact' from another node, or an inventory variable
assigned to another node, it's easy to do so within a template or even an action line (note: this uses syntax available in 0.4 and later)::
assigned to another node, it's easy to do so within a template or even an action line::
${hostvars.hostname.factname}
NOTE: No database or other complex system is required to exchange data between hosts. The hosts that you
want to reference data from must be included in either the current play or any previous play.
Magic Variables
+++++++++++++++
Some variables made available to hosts don't come from definitions in a playbook, the inventory file, or discovery from the system. There are only two of these, and are used in special cases that many users won't need.
*group_names* is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2
syntax to make template source files that vary based on the group membership (or role) of the host::
Additionally, *group_names* is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2 syntax to make template source files that vary based on the group membership (or role) of the host::
{% if 'webserver' in group_names %}
# some part of a configuration file that only applies to webservers
{% endif %}
*groups* is a list of all the groups (and hosts) in the inventory. This can be used to enumerate all hosts within a group.
For example::
@ -57,12 +89,14 @@ For example::
# something that applies to all app servers.
{% endfor %}
Use cases include pointing a frontend proxy server to all of the app servers, setting up the correct firewall rules between servers, etc.
*inventory_hostname* is the name of the hostname as configured in Ansible's inventory host file. This can
be useful for when you don't want to rely on the discovered hostname `ansible_hostname` or for other mysterious
reasons. Don't worry about it unless you think you need it.
reasons. If you have a long FQDN, *inventory_hostname_short* (in Ansible 0.6) also contains the part up to the first
period.
Don't worry about any of this unless you think you need it. You'll know when you do.
Variable File Seperation
++++++++++++++++++++++++
@ -96,6 +130,8 @@ The contents of each variables file is a simple YAML dictionary, like this::
somevar: somevalue
password: magic
NOTE: It's also possible to keep per-host and per-group variables in very similar files, this is covered in :ref:`patterns`.
Prompting For Sensitive Data
++++++++++++++++++++++++++++
@ -117,6 +153,18 @@ in a push-script::
There are full examples of both of these items in the github examples/playbooks directory.
An alternative form of vars_prompt allows for hiding input from the user, and may later support
some other options, but otherwise works equivalently::
vars_prompt:
- name: "some_password"
prompt: "Enter password"
private: True
- name: "release_version"
prompt: "Product release version"
private: False
Passing Variables On The Command Line
+++++++++++++++++++++++++++++++++++++
@ -126,6 +174,18 @@ where you may want to pass in the version of the application to deploy::
ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"
This is useful, for, among other things, setting the hosts group or the user for the playbook.
Example::
-----
- user: $user
hosts: $hosts
tasks:
- ...
ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"
Conditional Execution
+++++++++++++++++++++
@ -140,20 +200,32 @@ Don't panic -- it's actually pretty simple::
favcolor: blue
is_favcolor_blue: "'$favcolor' == 'blue'"
is_centos: "'$facter_operatingsystem' == 'CentOS'"
tasks:
- name: "shutdown if my favorite color is blue"
action: command /sbin/shutdown -t now
only_if: '$is_favcolor_blue'
Variables from tools like `facter` and `ohai` can be used here, if installed, or you can
use variables that bubble up from ansible (0.3 and later). As a reminder,
use variables that bubble up from ansible, which many are provided by the :ref:`setup` module. As a reminder,
these variables are prefixed, so it's `$facter_operatingsystem`, not `$operatingsystem`. Ansible's
built in variables are prefixed with `ansible_`. The only_if
expression is actually a tiny small bit of Python, so be sure to quote variables and make something
built in variables are prefixed with `ansible_`.
The only_if expression is actually a tiny small bit of Python, so be sure to quote variables and make something
that evaluates to `True` or `False`. It is a good idea to use 'vars_files' instead of 'vars' to define
all of your conditional expressions in a way that makes them very easy to reuse between plays
and playbooks.
You cannot use live checks here, like 'os.path.exists', so don't try.
It's also easy to provide your own facts if you want, which is covered in :doc:`moduledev`. To run them, just
make a call to your own custom fact gathering module at the top of your list of tasks, and variables returned
there will be accessible to future tasks::
tasks:
- name: gather site specific fact data
action: site_facts
- action: command echo ${my_custom_fact_can_be_used_now}
Conditional Imports
+++++++++++++++++++
@ -216,6 +288,10 @@ To save some typing, repeated tasks can be written in short-hand like so::
- testuser1
- testuser2
If you have defined a YAML list in a variables file, or the 'vars' section, you can also do::
with_items: $somelist
The above would be the equivalent of::
- name: add user testuser1
@ -231,7 +307,7 @@ Selecting Files And Templates Based On Variables
++++++++++++++++++++++++++++++++++++++++++++++++
Sometimes a configuration file you want to copy, or a template you will use may depend on a variable.
The following construct (new in 0.4) selects the first available file appropriate for the variables of a given host,
The following construct selects the first available file appropriate for the variables of a given host,
which is often much cleaner than putting a lot of if conditionals in a template.
The following example shows how to template out a configuration file that was very different between, say,
@ -312,11 +388,21 @@ use the default remote connection type::
hosts: 127.0.0.1
connection: local
Turning Off Facts
+++++++++++++++++
If you know you don't need any fact data about your hosts, and know everything about your systems centrally, you
can turn off fact gathering. This has advantages in scaling ansible in push mode with very large numbers of
systems, mainly, or if you are using Ansible on experimental platforms. In any play, just do this::
- hosts: whatever
gather_facts: False
Pull-Mode Playbooks
+++++++++++++++++++
The use of playbooks in local mode (above) is made extremely powerful with the addition of `ansible-pull` in the
0.4 release. A script for setting up ansible-pull is provided in the examples/playbooks directory of the source
The use of playbooks in local mode (above) is made extremely powerful with the addition of `ansible-pull`.
A script for setting up ansible-pull is provided in the examples/playbooks directory of the source
checkout.
The basic idea is to use Ansible to set up a remote copy of ansible on each managed node, each set to run via
@ -327,6 +413,12 @@ the cron frequency, logging locations, and parameters to ansible-pull.
This is useful both for extreme scale-out as well as periodic remediation. Usage of the 'fetch' module to retrieve
logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.
Style Points
++++++++++++
Ansible playbooks are colorized. If you do not like this, set the ANSIBLE_NOCOLOR=1 environment variable.
Ansible playbooks also look more impressive with cowsay installed, and we encourage installing this package.
.. seealso::

@ -221,7 +221,7 @@ s.parentNode.insertBefore(ga, s);
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

File diff suppressed because one or more lines are too long

@ -257,7 +257,7 @@ s.parentNode.insertBefore(ga, s);
</p>
<p>
&copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 30, 2012.<br/>
Last updated on Jul 31, 2012.<br/>
</p>
</div>
</footer>

Loading…
Cancel
Save